Skip to content
Snippets Groups Projects
Commit c904a753 authored by David Bühler's avatar David Bühler
Browse files

[Eva] User manual: minor changes on the Value partitioning subsection.

parent 30742124
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 35 additions and 38 deletions
doc/value/main.tex
+ 35
38
View file @ c904a753
...@@ -3755,7 +3755,7 @@ In practice, \lstinline|-eva-partition-history 1| seems to be sufficient in ...@@ -3755,7 +3755,7 @@ In practice, \lstinline|-eva-partition-history 1| seems to be sufficient in
most cases, and a greater value is rarely needed. most cases, and a greater value is rarely needed.
\subsection{Manual partitioning on values} \subsection{Value partitioning}
A case-based reasoning on the possible values of an expression can be forced A case-based reasoning on the possible values of an expression can be forced
inside a function by using \lstinline|split| annotations. These annotations inside a function by using \lstinline|split| annotations. These annotations
...@@ -3764,65 +3764,62 @@ enumerated. The example below shows an usage of this annotation. ...@@ -3764,65 +3764,62 @@ enumerated. The example below shows an usage of this annotation.
\lstinputlisting{examples/parametrizing/split-array.c} \lstinputlisting{examples/parametrizing/split-array.c}
The \lstinline|split| requires that the analyzer enumerate all the 3 possible The \lstinline|split| instructs \Eva{} to enumerate all the possible
values for \lstinline|i| and conduct a specialized analysis of the function for values of \lstinline|i| and to continue the analysis separately for
each of these values. Thereafter, the value of \lstinline|i| is always each of these values. Thereafter, the value of \lstinline|i| is always
evalutated by \Eva{} as a singleton and it enables the use of a evaluated by \Eva{} as a singleton in each case, which enables the use of a
\lstinline|loop unroll| annotation on \lstinline|i|. This way, the result of \lstinline|loop unroll| annotation on \lstinline|i|. This way, the result of
the function can be exactly computed as the set of three possible value instead the function can be exactly computed as the set of three possible values instead
of an imprecise interval. of an imprecise interval.
\lstinputlisting[linerange={25-26}] \lstinputlisting[linerange={25-26}]
{examples/parametrizing/split-array.log} {examples/parametrizing/split-array.log}
The \lstinline|split| can be any expression that evaluate to a {\it small} A \lstinline|split| annotation can be used on any expression that evaluates to a
number of integer values. In particular, it can be C comparisons like in {\it small} number of integer values. In particular, the expression can be a C
the following example. comparison like in the following example.
\lstinputlisting{examples/parametrizing/split-fabs.c} \lstinputlisting{examples/parametrizing/split-fabs.c}
To be analyzed properly, the equality domain must be activated with the option This example requires the equality domain (enabled with option
\lstinline|-eva-equality-domain| (see section \ref{sec:symbolic-equalities}) \lstinline|-eva-equality-domain|, see section \ref{sec:symbolic-equalities}) to
as we need the equality relations between the input and the output of the be analyzed precisely, as we need the equality relations between the input and
function \lstinline|fabs|, i.e. the relations \lstinline|x == \result| or the output of the function \lstinline|fabs|, i.e. the relations
\lstinline|x == -\result|. Then, the \lstinline|split| annotation placed before \lstinline|x == \result| or \lstinline|x == -\result|.
the call to \lstinline|fabs| allows us to reason by case and infer the relevant Then, the \lstinline|split| annotation before the call to \lstinline|fabs|
equality in each case. allows \Eva{} to reason by case and to infer the relevant equality in each case.
Note in the previous example the use of \lstinline|merge| annotation. These This example also illustrates the use of a \lstinline|merge| annotation, which
annotations ends the reasoning by cases and must use the exact same expression ends the case-based reasoning started by a previous \lstinline|split| annotation
as a previous \lstinline|split|. In this example, the \lstinline|merge| with the exact same expression.
annotation is not needed as the partitioning will be ended at the end of the The use of \lstinline|merge| annotations is not mandatory, but they allow the
function anyway. The use of \lstinline|merge| annotations is not mandatory, user to mitigate the cost of \lstinline|split| annotations.
and are these annotations exists only to allow the user to mitigate the cost of
the reasoning by cases.
Alternatively to annotations, it is possible to use the command-line to Alternatively to annotations, it is possible to use the command-line to
reason by case during the whole analysis. The command line parameter reason by case during the whole analysis. The command line parameter
\lstinline|-eva-partition-value <V>| forces the analyzer to reason at all times \lstinline|-eva-partition-value <V>| forces the analyzer to reason at all times
on single values of the global variable \lstinline|<V>|. on single values of the global variable \lstinline|<V>|.
There are three limitations to partitioning on values. There are three limitations to partitioning on values:
\begin{enumerate} \begin{enumerate}
\item While the number of simultaneous splits (whether local with annotations \item While the number of simultaneous splits (whether local with annotations
or global through command line) is not bounded, there can be only one split or global through command line) is not bounded, there can be only one split
per expression. If two \lstinline|split| annotation uses the same expression, per expression. If two \lstinline|split| annotations use the same expression,
only the latest one encountered on the path will be kept. Although it is a only the latest one encountered on the path will be kept. Although it is a
limitation, it can be used to define strategies where a reasoning by case is limitation, it can be used to define strategies where a case-based reasoning
controlled accross the whole program. is controlled accross the whole program.
\item The expression on which the split is done must evaluate to a bounded set \item The expression on which the split is done must evaluate to a small set of
of values. Otherwise, the analysis would not be guaranteed to terminate. The integer values, in order to limit the cost of the partitioning and ensure the
analysis must be precise enough in order to prove the boundedness. When \Eva{} termination of the analysis. If the number of possible values infered for the
fails to prove that the number of possible values is lower than a defined limit, expression exceeds a defined limit, \Eva{} cancels the split and emits a
either because the set is unbounded or because it failed to prove it, warning. The limit is 100 by default and can be changed with option
it will raise a warning and cancel the split. The limit is arbitrary and \lstinline|-eva-split-limit <n>|.
can be set with the option \lstinline|-eva-split-limit <n>|.
\item When the expression is complex, the ability of \Eva{} to reason \item When the expression is complex, the ability of \Eva{} to reason
precisely by cases depends on the activated abstract domains (see section precisely by cases depends on the enabled abstract domains (see section
\ref{sec:eva}) and their capability to learn from the expression. \Eva{} will \ref{sec:eva}) and their capability to learn from the value of the expression.
try to detect this and will cancel the split and warn the user when it is If \Eva{} detects that the expression is too complex for the split to be useful,
not useful. it will cancel the split and warn the user.
\end{enumerate} \end{enumerate}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment